My mother dragged me along for a walk one day along the winding mountain roads near our property when I was a small boy. As we came upon our driveway, she discovered a small, folded note stuck conspicuously into our paper box. She wasn’t sure what it could have been since the newspaper delivery for our rural area had already come and gone that morning. Curious, she carefully unfolded it and read through the contents as a look of disgust came across her face. “It’s a bloody chain letter someone stuck in our box!” She exclaimed (not her real words as I don’t remember them precisely, but I’m sure she said something of the sort).

At the time, I had no idea what a chain letter was. Well, I had a vague notion that it probably didn’t involve chains. I also suspected–mostly based on the observation of my mother’s reaction–that it wasn’t much of a letter, either. So, I asked if I could read it.

While the text of the message has long since faded into the fog of distant memories, I recall that I was puzzled someone would threaten the reader with some ridiculous curse–like seven years of stepping in fresh hairballs hacked up by a malevolent feline the night before–if they didn’t copy the letter verbatim and continue spreading it to other hapless neighbors. We threw it away with a laugh.

I can’t say any of us stepped in fresh hairballs for seven years after the fact, either.

The problem rises…

Chain letters eventually entered the digital age somewhere during the middle-to-late 1990s when some mischievous soul discovered that frightening words work really well online. Not only that, but they didn’t even have to be sneaky! Gone were the days of inching toward someone’s mailbox, quietly sliding the letter inside, and running like Hell before they were discovered by the property owner’s angry dog with a penchant for turning trespassers into chew toys.

Nay, chain e-mails were much easier. The digital age made copying text as simple as selecting everyone in the sender’s address book and clicking “send.” Better yet, since there was (and still is) no way to trace where an e-mail really did originate from without the cooperation of dozens of disparate services between recipients, often across geographical and international boundaries, taking responsibility for a potentially threatening note was no longer an issue.

“But I received it from so-and-so,” they’d exclaim, “and I felt I needed to send it off. Please don’t be angry!”

Chain e-mails could have ended there but they didn’t. They evolved instead.

The rise of virus hoaxes.

Sometime during the latter half of the 1990s, an enterprising and likely very bored individual came up with a brilliant idea. Chain e-mails are so last year. He thought to himself. What if I make it so it doesn’t read like a chain letter and sounds more ominous? Maybe… He undoubtedly scratched his chin and assumed the pose of a cartoonish super-villain, maybe I could write them as an ominous warning!

So, our soon-to-be e-mail dispatcher thought quietly to himself, basking in the soft glow of his monitor. He couldn’t warn about natural disasters. That had been done before, too. As he contemplated and considered different scenarios, with visions of many screaming and frightened Internet users turning off their computers in panic dancing through his head, his e-mail program popped up. You’ve got mail!

I’ve got new e-mail! He exclaimed to himself, shattering the visions of cloudy skies and social unrest as the coming e-mail apocalypse overtook his neighborhood.

He glanced over the contents of the e-mail. It was an update from a site containing funny pictures and jokes. I should have never subscribed to this stupid site, he thought. But wait, what if they had a virus? What if they were giving their users viruses!

It was at some point between his malicious leanings against an innocent humor site and his desire to cause unkempt panic that the two thoughts merge into an idea that would cause endless headaches for people like me.

And I swear, if I can ever find the real-life villain of this fictitious short story, I’m going to make him do technical support for AOL for a year. Hopefully at the end of his 365 day sentence, he’ll learn that his brilliant insight into generating the online equivalent of outright public terror has caused us techy types no end of extra hours of support, trouble tickets, and tides of worried customers. Maybe then he’ll have enough empathy to avoid pressing “send” the next time the cogs between his ears start to labor and squeal under the weight of malevolent thoughts.

What does this mean to you?

You’re the innocent party in this, and you’re exactly the type of person Mr. Villain wants to target. When he devised his e-mail “warning” about some type of new virus or other horrible sounding device that can purportedly damage your computer, he knew that most people want to do the Right Thing. He knew that if he could scare you enough, you’ll do his dirty work for him. When that e-mail comes in titled “DON’T OPEN ‘FUNNY CATS PLAYING WITH GOLF BALLS'” because it contains a virus that will destroy your data, turn your chocolate into brussel sprouts, and bite your dog, you’ll worry enough to click on forward, enter everyone in your address book on the CC lines, and click send.

The vast majority of us may not be perfect people, but we like to do what we can to look out for each other. Unfortunately, we’re the prey in this circumstance. It’s our psychology that plays directly into the hands of these mischievous types who live to see how far they can spread panic. Moreover, while knowledge may be power, the vast majority of the Internet’s denizens don’t know enough about computers to tell whether or not an e-mail warning of certain doom is genuine!

The kicker is surprising: You don’t need to know very much at all about computers to halt Mr. Villain’s plans in mid-stride. All you need is some vigilance, a good search engine, and some common sense.

Spotting a chain e-mail (virus hoax) in disguise: It’s easy!

It’s pretty easy to spot chain e-mails disguised as a virus warning, but let’s try some hands-on experience first. Read the following sample hoaxes, and tell me what they have in common:

Please Be Extremely Careful especially if using internet mail such as Yahoo, Hotmail, AOL and so on. This information arrived this morning direct from both Microsoft and Norton. Please send it to everybody you know who has access to the Internet.

You may receive an apparently harmless email with a Power Point presentation “Life is beautiful.”

If you receive it DO NOT OPEN THE FILE UNDER ANY CIRCUMSTANCES, and delete it immediately. If you open this file, a message will appear on your screen saying: “It is too late now, your life is no longer beautiful.” Subsequently you will LOSE EVERYTHING IN YOUR PC and the person who sent it to you will gain access to your name, e-mail and password. This is a new virus which started to circulate on Saturday afternoon. AOL has already confirmed the severity, and the antivirus software’s are not capable of destroying it. The virus has been created by a hacker who calls himself “life owner.”

PLEASE SEND A COPY OF THIS EMAIL TO ALL YOUR FRIENDS and ask them to PASS IT ON IMMEDIATELY.

The newest virus circulating is the UPS/Fed Ex Delivery Failure. You will receive an email from UPS/Fed Ex Service along with a packet number.. It will say that they were unable to deliver a package sent to you on such-and-such a date. It then asks you to print out the invoice copy attached. DON’T TRY TO PRINT THIS. IT LAUNCHES THE VIRUS! Pass this warning on to all your PC operators at work and home. This virus has caused Millions of dollars in damage in the past few days.

Okay, time’s up! Can you tell me what they all have in common?

If you answered with something akin to “They all want you to send them to as many people as possible,” you’re exactly right. Virus hoaxes really are a type of chain letter. They may not threaten you with a seven year curse, but they certainly hint that your computer, your friends’ computers, your family’s computers, and generally anything with flashing lights on the front cover are all susceptible to horrific deeds just from opening a letter from an innocuous source. There’s plenty more examples I could point to, but I’ll leave this to you to work on for extra credit. You can start here.

Okay, so virus hoaxes are bad, but what about these ones that claim they’re true and/or point to a site like Snopes?

Virus hoaxes that claim to be true will often point to reputable sites like Snopes.com for proof of their existence. Oftentimes they’ll cite a real virus that does indeed exist, but they often romanticize about the virus’ capabilities claiming it can do things it was never designed to do.

These types of viruses are also chain letters; the difference is that they use a small kernel of truth to spread a fable in the hopes of hooking even the strongest skeptics. This works especially well because most people have a rough idea of what hoax e-mails look like. Therefore, by including a statement claiming to have done research or linking to a reputable site, most readers will assume that someone else has already done the research for them. Again, it’s a matter of psychology: We humans like it when someone else does our work for us. After all, that’s why we have plumbers, Walmart, and even civilization. The world economy depends on this psychological truth, and that’s where Mr. Villain preys upon us.

Really, there is absolutely no substitute for doing the research yourself. I know that sounds like a lot of work, but I have some tips to help you. Researching for virus hoaxes will take at most five minutes of your time (although I have a shortcut that takes only 10 seconds). If that sounds like too much, think of it this way: If you send a virus hoax to 20 of your friends, 5 of whom forward it to 20 of their friends, and so on, assuming it takes each person who doesn’t forward the message about a minute to decide if they want to trash it or not, that one virus hoax you sent could consume 250 minutes of time after it’s forwarded in this manner a meager 3 times. That’s a little over four hours spent just to delete a single message.

It’s true what they say: Little things really do add up over time.

I want to know what is a hoax and whether I should forward this e-mail or not.

There’s a pretty simple rule of thumb you can follow whenever you receive a message warning you about a new (or old) virus, and I know you’re curious about my 10 second shortcut. Here it is: Never forward that message. Ever. Just run your mouse cursor up to your delete button and click it.

I know that sounds a little harsh, and you were most likely expecting me to share the secret wisdom handed down to me by those generations that came before from high atop Bell Labs. There really isn’t any secret wisdom. Honest. Anyone–and I really do mean this–can learn how to spot hoaxes just from a casual glance of the message contents. But, for those who are insistent that I share something, here’s what I’d recommend:

Examine the message for a plea, demand, or other indication that it is desirable for you to forward it off to other people. This is a dead giveaway that the message is a virus hoax (more correctly, a chain e-mail).

Go to Google (or your favorite search engine) and search for some keywords contained in the message. If it mentions Hallmark, type out “hallmark virus hoax” or “hallmark email virus”; likewise, if it talks about UPS, enter in something similar e.g. “ups virus hoax.”

Glance through the search results from step #2. You don’t even have to read them. In most cases, the sample text is enough to tell whether the message is a hoax or not.

There are plenty of sites you can use to aid in your search, too. Some sites I’d recommend are Snopes, Hoax Slayer, and About.com’s Urban Legends. These sites will generally have a list of e-mail messages or provide a method of searching them for e-mail virus warnings. Be aware that these sites cover all hoaxes, not just e-mail viruses, so they make an excellent source if you happen to receive a hoax unrelated to viruses.

(Optional!) If you really want to do some research and the e-mail lists a particular name for the virus, you can usually look it up via Google or go directly to one of several anti-virus vendor informational sites. Here’s just a few places to search for viruses: Symantec, Trend Micro, McAfee, or Avira.

That last step is the most complicated, but it also gives you the most correct information since these are the very people who work with viruses (and defeating viruses) for a living.

However, when in doubt, the best option is to forward the message to someone in the know, such as a knowledgeable friend or relative. Ask them to identify the veracity of the forwarded message, and they’ll be able to tell you whether or not you should worry about it. If you happen to know a few knowledgeable people, just forward it off to one or two–you definitely don’t need a second (or third) opinion.

Perhaps the most important thing to remember about e-mail–and this ties in to one of many reasons you shouldn’t forward virus warnings–is that it’s slow. E-mail is also asynchronous, meaning that it’s a conversational medium that doesn’t take place simultaneously. Whereas you can talk to someone on the phone and have immediate feedback, e-mails often wait in the recipient’s inbox for a few hours (or even days!) before they’re seen.

If you consider how slow e-mail really is, it’s the worst possible medium for sharing critical news, and certainly the worst for sharing information about new viruses. I’m subscribed to several security mailing lists like CERT and even they don’t send out e-mail related to new threats for a day or so (sometimes longer!) until after the threat has been discovered. There are reasons for this, and I won’t go into them here, but suffice it to say that if the security professionals often don’t share breaking news as it happens via e-mail, no message we receive via a forwarded e-mail is going to be pertinent for up and coming threats.

(There’s a slight clarification to this point. Some breaking news is dispatched via mailing list, but they seldom involve viruses. Most of the traffic on the seclists.org mailing lists involve current or possible exploits related to holes in various operating systems. Security researches–and even virus authors–often trawl this list for useful information. seclists.org almost never reports viruses unless they comprise proof-of-concept code for exploiting specific vulnerabilities. You should understand that mailing lists are a significantly different use case from how most of us use e-mail, hence why I discriminate between the two here.)

Someone sent me a hoax. What do I do?

Tell them! Really, the best way to stop a hoax dead in its tracks is to educate your friends and family. Help keep them from falling into Mr. Villain’s trap! If you did research on the message they sent, reply with a link to that site! Better yet, link them here, and I’ll help inform them. The perpetrators of virus hoax e-mails will only be successful as long as we are willing to let them be successful. It doesn’t take long to educate yourself, and the best part is that you can help educate your friends, too! Simply put: If we work together to educate each other about e-mail hoaxes, there will be even fewer making their way into our inboxes!